core: support HTTP basic auth in consul remote state

Closes #1663

state/remote/consul.go

@@ -3,6 +3,7 @@ package remote
 import (
 	"crypto/md5"
 	"fmt"
+	"strings"
 
 	consulapi "github.com/hashicorp/consul/api"
 )
@@ -23,6 +24,17 @@ func consulFactory(conf map[string]string) (Client, error) {
 	if scheme, ok := conf["scheme"]; ok && scheme != "" {
 		config.Scheme = scheme
 	}
+	if auth, ok := conf["http_auth"]; ok && auth != "" {
+		var username, password string
+		if strings.Contains(auth, ":") {
+			split := strings.SplitN(auth, ":", 2)
+			username = split[0]
+			password = split[1]
+		} else {
+			username = auth
+		}
+		config.HttpAuth = &consulapi.HttpBasicAuth{username, password}
+	}
 
 	client, err := consulapi.NewClient(config)
 	if err != nil {

website/source/docs/commands/remote-config.html.markdown

@@ -57,6 +57,10 @@ The following backends are supported:
   * `scheme` - Specifies what protocol to use when talking to the given
     `address`, either `http` or `https`. SSL support can also be triggered
     by setting then environment variable `CONSUL_HTTP_SSL` to `true`.
+  * `http_auth` - HTTP Basic Authentication credentials to be used when
+    communicating with Consul, in the format of either `user` or `user:pass`.
+    This may also be specified using the `CONSUL_HTTP_AUTH` environment
+    variable.
 
 * Etcd - Stores the state in etcd at a given path.
   Requires the `path` and `endpoints` variables. The `username` and `password`